Is OAuth authentication ONLY PLAINTEXT?

I have been able to get debug version of the software to get the OAuth 1.0a access token and secret for accounts at Twitter, LinkedIn, Tumblr, and Yahoo.

But always get 401 unauthorized on Ning.

I think I've made the mistake of thinking the documentation using "signature_method='PLAINTEXT' " was just for simplicity, clarity and avoidance of signature complications. That the 'HMAC-SHA1' default would be substituted for production work.

'PLAINTEXT' would mean our 3'rd party app has to get, from a form we present to the user, the user's Ning account email address AND Ning account password, does it not?

I thought a major part of OAuth was to avoid the 3'rd party software to ever knowing / having the Ning login credentials (email/password) for the user's Ning account.

Have I got this right?

If so, any prospects for full blown HMAC-SHA1 implementation in the offing?

At the moment, the Ruby OAuth gem I'm using does not offer 'PLAINTEXT' option. What would be recommended?